Move allowed node attrs to config file, apply automatically
This moves the whitelist for nodes' "normal" attributes to a config file, which is loaded live during every run and applied in memory in case the node's local file hasn't been updated before the client run. Fixes allowed attributes being overwritten/removed in the node info JSON files.
+4
-2
@@ -28,5 +28,7 @@ knife[:automatic_attribute_whitelist] = %w[
|
|||||||
|
|
||||||
# Added to /etc/chef/client.rb on node bootstrap
|
# Added to /etc/chef/client.rb on node bootstrap
|
||||||
# https://docs.chef.io/attribute_persistence/
|
# https://docs.chef.io/attribute_persistence/
|
||||||
knife[:normal_attribute_allowlist] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
|
# Source of truth: site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml
|
||||||
knife[:allowed_normal_attributes] = ['knife_zero', 'kosmos_kvm', 'kosmos-ejabberd', 'openresty']
|
normal_attrs = YAML.load_file(File.expand_path("../site-cookbooks/kosmos-base/files/default/chef_normal_attributes.yml", __dir__))
|
||||||
|
knife[:normal_attribute_allowlist] = normal_attrs
|
||||||
|
knife[:allowed_normal_attributes] = normal_attrs
|
||||||
|
|||||||
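Review bot: `normal_attrs` is assigned to both allowlist settings without any check on what `YAML.load_file` returned, so an empty or malformed chef_normal_attributes.yml yields a non-array value here. If Chef treats a nil or false allowlist as "no filtering" (worth confirming), that fails open and every normal attribute is persisted. Loading with `YAML.safe_load_file` and adding `raise "invalid normal attribute allowlist" unless normal_attrs.is_a?(Array) && normal_attrs.all?(String)` before the two assignments would make a bad file fail loudly. The hunk does not show whether `yaml` is required earlier in this config file.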
@@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
- knife_zero
|
||||||
|
- kosmos_kvm
|
||||||
|
- kosmos-ejabberd
|
||||||
|
- openresty
|
||||||
|
- vm_host
|
||||||
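Review bot: `vm_host` is a new allowlist entry, since the inline list this file replaces held only `knife_zero`, `kosmos_kvm`, `kosmos-ejabberd` and `openresty`, and the commit description speaks only of moving the list. Because this file is now the single source of truth for which normal attributes nodes may persist, each widening should be visible and justified. A comment above the entry would do, for example `# vm_host: <reason this attribute must persist>`.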
@@ -26,6 +26,33 @@
|
|||||||
|
|
||||||
include_recipe "apt"
|
include_recipe "apt"
|
||||||
|
|
||||||
|
cookbook_file "/etc/chef/chef_normal_attributes.yml" do
|
||||||
|
source "chef_normal_attributes.yml"
|
||||||
|
owner "root"
|
||||||
|
group "root"
|
||||||
|
mode "0644"
|
||||||
|
end
|
||||||
|
|
||||||
|
ruby_block "update allowed_normal_attributes in client.rb" do
|
||||||
|
block do
|
||||||
|
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
|
||||||
|
fe = Chef::Util::FileEdit.new("/etc/chef/client.rb")
|
||||||
|
fe.search_file_replace_line(
|
||||||
|
/^allowed_normal_attributes.*/,
|
||||||
|
"allowed_normal_attributes #{whitelist.inspect}"
|
||||||
|
)
|
||||||
|
fe.write_file
|
||||||
|
|
||||||
|
Chef::Config[:allowed_normal_attributes] = whitelist
|
||||||
|
Chef::Config[:normal_attribute_allowlist] = whitelist
|
||||||
|
end
|
||||||
|
not_if do
|
||||||
|
whitelist = YAML.load_file("/etc/chef/chef_normal_attributes.yml")
|
||||||
|
client_rb = ::File.read("/etc/chef/client.rb")
|
||||||
|
whitelist.all? { |attr| client_rb.include?(attr) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
directory "/etc/apt/keyrings" do
|
directory "/etc/apt/keyrings" do
|
||||||
mode "0755"
|
mode "0755"
|
||||||
action :create
|
action :create
|
||||||
|
|||||||
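Review bot: The `not_if` guard is a substring test per name, so it passes as soon as every name occurs anywhere in /etc/chef/client.rb, including in a comment or another setting, and it can never notice an entry that was removed from chef_normal_attributes.yml. In that case the old, wider list would stay in client.rb, and the in-memory `Chef::Config` assignments in the block are skipped as well. Comparing against the exact rendered line avoids both: `client_rb.each_line.any? { |l| l.chomp == "allowed_normal_attributes #{whitelist.inspect}" }`. Separately, `whitelist` is used unchecked in both the block and the guard, so an empty YAML file would make `whitelist.all?` raise; an Array-of-Strings check before use would make that failure explicit.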